From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Tim Deegan <tim@xen.org>
Cc: "Liu, Jinsong" <jinsong.liu@intel.com>,
Keir Fraser <keir@xen.org>, Jan Beulich <JBeulich@suse.com>,
"zhenzhong.duan@oracle.com" <zhenzhong.duan@oracle.com>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
"Auld, Will" <will.auld@intel.com>,
"Nakajima, Jun" <jun.nakajima@intel.com>,
"sherry.hurwitz@amd.com" <sherry.hurwitz@amd.com>,
"suravee.suthikulpanit@amd.com" <suravee.suthikulpanit@amd.com>
Subject: Re: [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
Date: Wed, 23 Oct 2013 11:16:23 +0100 [thread overview]
Message-ID: <5267A1F7.6050408@citrix.com> (raw)
In-Reply-To: <20131022152619.GB30504@deinos.phlegethon.org>
On 22/10/13 16:26, Tim Deegan wrote:
> At 15:55 +0000 on 21 Oct (1382367312), Liu, Jinsong wrote:
>> From 4ff1e2955f67954e60562b29a00adea89e5b93ae Mon Sep 17 00:00:00 2001
>> From: Liu Jinsong <jinsong.liu@intel.com>
>> Date: Thu, 17 Oct 2013 05:49:23 +0800
>> Subject: [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
>>
>> This patch solves XSA-60 security hole:
>> 1. For guest w/o VT-d, and for guest with VT-d but snooped, Xen need
>> do nothing, since hardware snoop mechanism has ensured cache coherency.
>>
>> 2. For guest with VT-d but non-snooped, cache coherency can not be
>> guaranteed by h/w snoop, therefore it need emulate UC type to guest:
>> 2.1). if it works w/ Intel EPT, set guest IA32_PAT fields as UC so that
>> guest memory type are all UC.
>> 2.2). if it works w/ shadow, drop all shadows so that any new ones would
>> be created on demand w/ UC.
>>
>> This patch also fix a bug of shadow cr0.cd setting. Current shadow has a
>> small window between cache flush and TLB invalidation, resulting in possilbe
>> cache pollution. This patch pause vcpus so that no vcpus context involved
>> into the window.
>>
>> Signed-off-by: Liu Jinsong <jinsong.liu@intel.com>
> Reviewed-by: Tim Deegan <tim@xen.org>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
next prev parent reply other threads:[~2013-10-23 10:16 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-21 15:55 [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling Liu, Jinsong
2013-10-22 14:55 ` Jan Beulich
2013-10-23 8:48 ` DuanZhenzhong
2013-10-23 16:29 ` Nakajima, Jun
2013-10-23 16:38 ` Jan Beulich
2013-10-24 16:19 ` Liu, Jinsong
2013-10-24 16:39 ` Liu, Jinsong
2013-10-28 7:29 ` Jan Beulich
2013-10-28 8:31 ` Liu, Jinsong
2013-10-28 9:29 ` Jan Beulich
2013-10-29 16:52 ` Liu, Jinsong
2013-10-29 17:20 ` Andrew Cooper
2013-10-30 15:21 ` Liu, Jinsong
2013-10-30 15:27 ` Jan Beulich
2013-10-30 8:05 ` Jan Beulich
2013-10-30 15:41 ` Liu, Jinsong
2013-10-22 15:26 ` Tim Deegan
2013-10-23 10:16 ` Andrew Cooper [this message]
2013-11-04 8:49 ` Zhenzhong Duan
2013-11-04 9:05 ` kexec spin lock issue (was: Re: [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling) Jan Beulich
2013-11-06 12:30 ` [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling Jan Beulich
2013-11-05 21:06 ` Keir Fraser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5267A1F7.6050408@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=JBeulich@suse.com \
--cc=jinsong.liu@intel.com \
--cc=jun.nakajima@intel.com \
--cc=keir@xen.org \
--cc=sherry.hurwitz@amd.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=tim@xen.org \
--cc=will.auld@intel.com \
--cc=xen-devel@lists.xen.org \
--cc=zhenzhong.duan@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.